CN111201527B - Client server system - Google Patents

Client server system Download PDF

Info

Publication number
CN111201527B
CN111201527B CN201880065759.4A CN201880065759A CN111201527B CN 111201527 B CN111201527 B CN 111201527B CN 201880065759 A CN201880065759 A CN 201880065759A CN 111201527 B CN111201527 B CN 111201527B
Authority
CN
China
Prior art keywords
url
unit
terminal device
service server
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201880065759.4A
Other languages
Chinese (zh)
Other versions
CN111201527A (en
Inventor
川村宜浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Publication of CN111201527A publication Critical patent/CN111201527A/en
Application granted granted Critical
Publication of CN111201527B publication Critical patent/CN111201527B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/40User authentication by quorum, i.e. whereby two or more security principals are required
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2137Time limited access, e.g. to a computer or data

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The terminal device (1) has a data acquisition unit (113) that acquires data from the service server (2) by transmitting an access request to a disposable URL indicated by URL information received from the service server (2). The service server (2) has: a URL generation unit (212) that generates a disposable URL; an expiration date setting unit (213) for setting the expiration date of the disposable URL; an authentication processing unit (216) for authenticating the terminal device (1); and a state setting unit (215) that sets the authentication function to either one of an authentication function activated state and an authentication function deactivated state within the validity period of the disposable URL. When an access request is received, the authentication processing unit (216) starts authentication processing when the authentication function activation state is set, and the authentication processing unit (216) prevents execution of the authentication processing when the authentication function deactivation state is set.

Description

Client server system
Technical Field
The present invention relates to a client server system.
Background
A network system including a mobile terminal and a content provider (content provider) has been proposed (for example, see patent document 1). Here, the mobile terminal generates a call signal including the telephone number of the terminal itself, and transmits the call signal to the content provider. In addition, the mobile terminal receives a mail from the content provider, and accesses the content provider using a password included in the mail. When receiving a call signal, a content provider extracts a telephone number included in the call signal, compares the telephone number of a subscriber with the telephone number included in the call signal to authenticate a mobile terminal, generates and registers a password, and transmits a mail describing a URL (Uniform Resource Locator: uniform resource locator) including the password to the mobile terminal using the telephone number included in the call signal. The content provider, upon receiving the access request information including the URL from the mobile terminal, compares the password included in the URL with the registered password, and, when the passwords match, allows access to the mobile terminal and provides prescribed content thereto.
Prior art literature
Patent literature
Patent document 1: japanese patent laid-open No. 2003-30146
Disclosure of Invention
Problems to be solved by the invention
However, in the network system described in patent document 1, when the URL described in the mail is intercepted, there is a fear that an illegal access to the content provider occurs.
The present invention has been made in view of the above-described circumstances, and an object thereof is to provide a client server system capable of suppressing illegal access to a server.
Solution for solving the problem
In order to achieve the above object, a client server system according to the present invention includes a first terminal device, a second terminal device, and a server, wherein the first terminal device includes: a data acquisition unit that acquires data from the server by transmitting an access request to the server based on the first access information received from the server, the second terminal device including: a request transmitting unit that transmits a switching request for switching the state of the server to the server based on the second access information received from the server, the server having: an access information generation unit that generates the first access information and the second access information; a valid period setting unit that sets a valid period of the first access information and the second access information; an access information transmitting unit that transmits the first access information to the first terminal device and transmits the second access information to the second terminal device; an authentication processing unit that performs an authentication process for authenticating a source of the access request; and a state setting unit configured to, when the switching request is received, set to any one of a first state in which the authentication processing by the authentication processing unit is permitted to be executed and a second state in which the authentication processing by the authentication processing unit is prohibited from being executed, wherein when the access request is received from the data acquisition unit, the authentication processing unit starts the authentication processing when the first state is set, and when the second state is set, the authentication processing unit avoids the execution of the authentication processing.
Effects of the invention
According to the present invention, when a switching request is received, the state setting section sets to any one of a first state in which authentication processing is permitted to be performed and a second state in which authentication processing is prohibited from being performed. When the access request is received from the data acquisition unit, the authentication processing unit starts the authentication process when the first state is set, and the authentication processing unit avoids execution of the authentication process when the second state is set. Thus, for example, if the state setting unit is switched to the second state after the authentication process corresponding to the terminal device is executed once, the authentication by the authentication processing unit is not executed even if the access information is intercepted later and the access request is received from the other terminal device. Therefore, illegal access to the server can be suppressed, and security can be enhanced. Further, according to the present invention, the first access information is transmitted to the first terminal device, and the second access information is transmitted to the second terminal device. Then, the second terminal apparatus transmits a switching request to the server based on the second access information, whereby the state of the server can be switched.
Drawings
Fig. 1 is a schematic diagram of a client server system according to an embodiment of the present invention.
Fig. 2 is a block diagram of a client server system of an embodiment.
Fig. 3 is a timing chart showing the operation of the client server system according to the embodiment.
Fig. 4 is a timing chart showing the operation of the client server system according to the modification.
Fig. 5 is a schematic diagram of a modified client server system.
Fig. 6 is a block diagram of a modified terminal device.
Fig. 7 is a timing chart showing the operation of the client server system according to the modification.
Fig. 8 is a timing chart showing the operation of the client server system according to the modification.
Detailed Description
Hereinafter, a client server system according to an embodiment of the present invention will be described in detail with reference to the accompanying drawings.
In the client server system of the present embodiment, when the server receives an authentication request from the terminal device, URL information indicating a one-time URL is transmitted to the terminal device. When an operation for accessing the user's URL is accepted, the terminal device transmits an access request to the server. With the server, when an access request is received from the terminal device, the authentication process of the terminal device is performed in a state where the authentication process is permitted to be performed. Here, the one-time URL is access information including network information and authentication information. Examples of the authentication information include login information and a token (token).
As shown in fig. 1, the client server system of the present embodiment includes: a terminal device 1 owned by a user, a business server 2 owned by a company that provides, for example, web page (web) content, and an authentication server 3. The terminal device 1 is connected to the service server 2 and the authentication server 3 via the network NT. The network NT includes a LAN (Local Area Network: local area network) and the internet.
As shown in fig. 2, the terminal device 1 is a general-purpose personal computer having a communication function, for example, and includes: a CPU (Central Processing Unit) 101, a RAM (Random Access Memory) including a random access Memory (not shown), a ROM (Read Only Memory) (not shown), a Memory (storage) 102, an input unit 105, a display unit 103, and a communication unit 104. The RAM is composed of a volatile memory, and is used as a work area of the CPU 101. The ROM is configured by a nonvolatile memory such as a magnetic disk or a semiconductor memory, and the input unit 105 is a keyboard, for example, and receives various operation information input by a user and outputs the received operation information to the CPU 101. The display unit 103 is, for example, a liquid crystal display, and displays various information input from the CPU 101.
The ROM of the terminal apparatus 1 stores programs for realizing various functions of the terminal apparatus 1. The CPU101 reads and executes the program from the ROM to the RAM, and thereby functions as a login receiving unit 111, a request transmitting unit 112, and a data acquiring unit 113. The login receiving unit 111 causes the display unit 103 to display a login screen, and receives login information including user identification information and a password, which is input by a user via the input unit 105.
When the login reception unit 111 receives the login information, the request transmission unit 11 transmits an authentication request requesting authentication of the terminal device 1 to the service server 2. The authentication request includes login information including user identification information and information indicating a password, which is received by the login receiving unit 111.
When receiving URL information indicating the disposable URL from the service server 2 and accepting an operation for accessing the disposable URL by the user via the input unit 105, the data acquisition unit 113 transmits an access request to the disposable URL to the service server 2. Then, after transmitting an access request to the disposable URL, the data acquisition unit 113 acquires data from the service server 2 when a session (session) with the service server 2 is established. The data acquisition unit 113 stores the data received from the service server 2 in a memory.
The service server 2 is a general-purpose personal computer having a communication function, for example, and includes: a CPU201, a RAM (not shown), a memory 202, and a communication unit 204. The memory 202 has: a service database (hereinafter referred to as "service DB") 221 storing data provided by the terminal apparatus 1 to the user; and a login DB222 storing login information.
Further, the memory 202 stores a program for realizing the following functions: a function of generating a one-time URL and transmitting the generated URL to the terminal device, a function of transmitting data to the terminal device 1, and a function of querying the authentication server 3 for the access authority of the terminal device 1 to the service server 2. Then, the CPU201 reads out the program from the memory 202 to the RAM and executes the program, thereby functioning as: a request receiving unit 211, a URL generating unit 212 as an access information generating unit, a validity period setting unit 213, a URL transmitting unit 214 as an access information transmitting unit, a state setting unit 215, an authentication processing unit 216, and a data transmitting unit 217. The request receiving unit 211 receives an authentication request from the terminal device 1. The request receiving unit 211 extracts the identification information of the terminal device 1 that is the transmission source of the authentication request, and notifies the URL transmitting unit 214 of the extracted identification information.
The URL generation unit 212 generates a one-time URL. The expiration date setting unit 213 sets the expiration date of the disposable URL generated by the URL generating unit 212.
The URL transmitting unit 214 generates URL information indicating the disposable URL generated by the URL generating unit 212, and transmits the URL information to the terminal apparatus 1 based on the identification information of the terminal apparatus 1 of the transmission source notified from the request receiving unit 211.
The authentication processing section 216 performs authentication processing for authenticating the terminal device 1 that is the transmission source of the data acquisition request. In the authentication process, the authentication processing unit 216 first transmits inquiry information for inquiring whether the terminal device 1 has access to the service server 2 to the authentication server 3 via the communication unit 204. The inquiry information includes user identification information corresponding to the target terminal device 1 and information indicating a password. When receiving response information indicating that the terminal device 1 corresponding to the inquiry information has access authority to the service server 2 from the authentication server 3 via the communication unit 204, the authentication processing unit 216 determines that authentication is successful, and establishes a session with the terminal device 1. On the other hand, when receiving response information indicating that the terminal device 1 corresponding to the inquiry information does not have access authority to the service server 2 from the authentication server 3 via the communication unit 204, the authentication processing unit 216 determines that authentication has failed, and avoids establishing a session with the terminal device 1. When receiving an authentication request from the terminal device 1, the authentication processing unit 216 extracts login information included in the received authentication request and stores the login information in the login DB222.
The state setting unit 215 sets, within the validity period of the disposable URL, either one of an authentication function activation (first state) state in which the authentication processing by the authentication processing unit 216 is permitted to be executed and an authentication function deactivation state (second state) in which the authentication processing by the authentication processing unit 216 is prohibited from being executed. When the data acquisition unit 113 receives an access request, the authentication processing unit 216 starts the authentication process when the authentication function activation state is set. On the other hand, when the authentication function deactivation state is set, the authentication processing unit 216 avoids execution of the authentication processing. The state setting unit 215 may set either the authentication function activation state or the authentication function deactivation state based on the IP (Internet Protocol: internet protocol) address of the terminal device 1 from which the received access request was sent, the time period in which the access request was received, and the location where the terminal device 1 from which the access request was sent was located.
When a session is established between the terminal apparatus 1 and the service server 2, the data transmission unit 217 transmits data stored in the service DB221 to the terminal apparatus 1 via the communication unit 204.
The authentication server 3 is a general-purpose personal computer having a communication function, for example, like the service server 2, and includes: a CPU301, a RAM (not shown), a memory 302, and a communication unit 304. The memory 302 has a repository (repository) 321 in which information on the access right of the terminal apparatus 1 is registered.
Further, the memory 302 stores a program for realizing the following functions: referring to repository 321, it is determined whether or not terminal device 1 corresponding to the inquiry information received from service server 2 has access right to service server 2, and the determination result is responded to service server 2. Then, the CPU301 reads out the program from the memory 302 to the RAM and executes the program, thereby functioning as the access right determination unit 311 and the right existence notification unit 312. The access right determination unit 311 refers to the repository 321, and determines whether or not the terminal device 1 corresponding to the inquiry information received from the service server 2 has access rights to the service server 2. Specifically, the access right determination unit 311 determines whether or not user identification information included in the inquiry information and information indicating a password are registered in the repository 321. The access right determination unit 311 determines that the corresponding terminal device 1 has access right when the user identification information included in the inquiry information and the information indicating the password are registered in the repository 321.
The permission presence/absence notification unit 312 transmits response information indicating a determination result based on the presence/absence of the access permission determination unit 311 to the service server 2 via the communication unit 304.
Next, the operation of the client server system according to the present embodiment will be described with reference to fig. 3. First, in the service server 2, the URL generation unit 212 generates a one-time URL (step S1). Next, the expiration date setting unit 213 of the service server 2 sets the expiration date of the disposable URL generated by the URL generating unit 212 (step S2).
Next, URL information indicating the URL generated by the URL generating section 212 is transmitted from the service server 2 to the terminal apparatus 1 (step S3). The URL information is transmitted from the service server 2 to the terminal device 1, for example, in the form of a mail including a description of the URL generated by the URL generating unit 212.
On the other hand, in the terminal device 1, when the URL information is received, the data acquisition unit 113 causes the display unit 103 to display the disposable URL indicated by the URL information (step S4). Here, when the data acquisition unit 113 functions as a browser (browser), a browser screen including a description of the disposable URL is displayed on the display unit 103.
Next, when the user clicks on the one-time URL via the input unit 105 in a state where the one-time URL displayed on the display unit 103 is selected, the data acquisition unit 113 of the terminal device 1 receives the one-time URL clicking operation (step S5).
Thereafter, an access request for requesting access to the one-time URL is transmitted from the terminal apparatus 1 to the service server 2 (step S6).
Next, the login input information designated by the disposable URL is transmitted from the service server 2 to the terminal device 1 (step S7). The login input information is, for example, information for causing the display unit 103 of the terminal device 1 to display a login screen.
Next, when the user performs a login operation via the input unit 105 in a state in which the login screen is displayed on the display unit 103 of the terminal device 1, the login reception unit 111 of the terminal device 1 receives the login operation (step S8). Here, the login operation is an operation of inputting user identification information, a password, or the like by a user, for example.
Next, an authentication request requesting authentication of the terminal device 1 from the service server 2 is transmitted from the terminal device 1 to the service server 2 (step S9). At this time, in the service server 2, the authentication processing section 216 extracts login information including user identification information, a password, and the like, which are input by a login operation and included in the received authentication request, and stores the login information in the login DB222.
Thereafter, in the service server 2, the state setting unit 215 sets the service server 2 to an authentication function activated state in which the authentication process performed by the authentication processing unit 216 is permitted (step S10). Next, the authentication processing unit 216 starts authentication processing (step S11).
Next, when it is determined that authentication is successful (step S12), the authentication processing unit 216 of the service server 2 establishes a session between the terminal device 1 and the service server 2 (step S13). Next, data corresponding to the access request is transmitted from the service server 2 to the terminal device 1 (step S14). On the other hand, in the terminal device 1, when data is received, the data acquisition unit 113 causes the memory to store the received data (step S15). In this way, the terminal device 1 can use the data acquired from the service server 2.
In the service server 2, the state setting unit 215 sets the service server 2 to the authentication function deactivated state for the validity period of the one-time URL (step S16). Here, in the terminal device 1, after the disposable URL indicated by the URL information is displayed on the display unit 103 (step S17), the data acquisition unit 113 receives the disposable URL click operation (step S18). In this case, an access request requesting access to the one-time URL is transmitted from the terminal apparatus 1 to the service server 2 (step S19). At this time, the service server 2 is set to the authentication function deactivated state, and thus the authentication processing section 216 avoids execution of the authentication processing.
When the validity period of the one-time URL is reached, the URL generation unit 212 disables the one-time URL in the service server 2 (step S20).
As described above, according to the client server system of the present embodiment, the state setting unit 215 sets, within the validity period of the one-time URL, either one of the authentication function activation state in which the authentication process is permitted to be executed and the authentication function deactivation state in which the authentication process is prohibited to be executed. When the data acquisition unit 113 receives an access request, the authentication processing unit 216 starts the authentication process when the data acquisition unit is set to the authentication function activated state. On the other hand, when the authentication function deactivation state is set, the authentication processing unit 216 avoids execution of the authentication processing. Thus, for example, if the state setting unit 215 is switched to the authentication function deactivated state after the authentication process corresponding to the terminal device 1 is executed once, the authentication by the authentication processing unit 216 is not executed even if the URL information is intercepted later and the access request is received from another terminal device. Therefore, illegal access to the service server 2 is suppressed.
The embodiments of the present invention have been described above, but the present invention is not limited to the configurations of the foregoing embodiments. For example, after the access request is transmitted from the terminal device 1 to the service server 2, another one-time URL may be generated in the service server 2, and a so-called C-mail (SMS (Short Mail Service: short message service) mail) including a description of the generated one-time URL may be transmitted from the service server 2 to the terminal device 1. In a state where the content of the C-mail is displayed on the display unit 103 of the terminal device 1, when the user clicks on the one-time URL described in the C-mail via the input unit 105, an authentication request may be transmitted from the terminal device 1 to the service server 2. Thereafter, in the service server 2, the state setting unit 215 may set the service server 2 to the authentication function activated state.
According to this configuration, even if a browser is not installed in the terminal apparatus 1, authentication processing using a one-time URL can be realized.
In the embodiment, the example of the client server system that performs the authentication process using the disposable URL has been described, but the present invention is not limited to this, and the authentication process may be performed using both the disposable token and the disposable URL, for example. In this case, the service server 2 may be configured to include a token generation unit that generates a disposable token, and the validity period setting unit 213 may set the validity period of the disposable token. The terminal device 1 may further include: a URL generation unit that generates a one-time URL as the access information generation unit in the same manner as the URL generation unit 212 of the service server 2; and an expiration date setting unit that sets an expiration date of the generated URL.
The operation of the client server system according to this modification will be described with reference to fig. 4. First, login input information is transmitted from the service server 2 to the terminal device 1 (step S201). Next, when the user performs a login operation while the login screen is displayed on the display unit 103 of the terminal device 1, the login reception unit 111 of the terminal device 1 receives the login operation (step S202). Next, a first authentication request is transmitted from the terminal device 1 to the service server 2 (step S203). On the other hand, in the service server 2, upon receiving the first authentication request from the terminal device 1, the one-time token generation section generates a one-time token (step S204). Thereafter, the expiration date setting unit 213 of the service server 2 sets the expiration date of the one-time token (step S205).
Then, token information indicating the one-time token generated by the token generating unit is transmitted from the service server 2 to the terminal device 1 (step S206). The token information is transmitted from the service server 2 to the terminal device 1 in the form of, for example, an html (hypertext markup language: hypertext markup language) file including a description of the disposable token. Next, when the user performs an operation of inputting a token in a state in which the display unit 103 of the terminal device 1 displays a screen including a disposable token, the login reception unit 111 of the terminal device 1 receives the operation of inputting a token (step S207). Next, a second authentication request is transmitted from the terminal device 1 to the service server 2 (step S208). Thereafter, in the terminal device 1, the URL generating unit generates a disposable URL (step S209), and the validity period setting unit sets the validity period of the disposable URL generated by the URL generating unit (step S210).
On the other hand, in the service server 2, when the second authentication request is received from the terminal apparatus 1, the URL generation section 212 generates a one-time URL (step S211). Next, the validity period setting unit 213 of the service server 2 sets the validity period of the disposable URL generated by the URL generating unit 212 (step S212).
On the other hand, in the terminal device 1, the data acquisition unit 113 causes the display unit 103 to display the disposable URL generated by the URL generation unit (step S213). Thereafter, when the user clicks on the one-time URL via the input unit 105 in a state where the one-time URL displayed on the display unit 103 is selected, the data acquisition unit 113 of the terminal device 1 receives the one-time URL clicking operation (step S214). Next, an access request to the one-time URL is transmitted from the terminal apparatus 1 to the service server 2 (step S215). On the other hand, in the service server 2, when the access request is received, the state setting section 215 sets the service server 2 to the authentication function activated state (step S216). Thereafter, the processing of steps S217 to S226 is performed. The processing of steps S217 to S226 is the same as the processing of steps S11 to S20 described in the embodiment.
According to this configuration, after three steps of using login information, one-time token, and one-time URL are normally performed, authentication processing is performed for the first time. Therefore, safety can be improved as compared with the embodiment.
In the embodiments, the following examples are described: when the user clicks the one-time URL, a login screen is displayed on the display unit 103 of the terminal device 1, and when the user performs a login operation, an authentication request is transmitted from the terminal device 1 to the service server 2, and thereafter, the service server 2 is set to an authentication function activated state. However, for example, the terminal device 1 may be provided with a URL generating unit that generates a one-time URL, and when the user clicks on the one-time URL, the URL generating unit of the terminal device 1 may generate another one-time URL and display the other one-time URL on the display unit 103. When the user clicks the one-time URL displayed on the display unit 103 of the terminal device 1, an authentication request may be transmitted from the terminal device 1 to the service server 2, and the service server 2 may be set to an authentication function activated state.
Alternatively, in a state where the login screen is displayed on the display unit 103 of the terminal device 1, when the user performs the login operation, the URL generating unit of the terminal device 1 may generate another one-time URL and display the generated URL on the display unit 103. In this case, the service server 2 may be configured to include a proxy (agent) information storage unit and a proxy information determination unit. The proxy information storage unit stores a plurality of pieces of user agent information corresponding to terminal apparatuses permitted to establish sessions with the service server 2. The proxy information determination unit determines whether or not the user agent information included in the authentication request received from the terminal apparatus 1 matches any one of the user agent information stored in the proxy information storage unit.
In the present modification, when the user clicks the one-time URL displayed on the display unit 103 of the terminal device 1, an authentication request including user agent information given to the terminal device 1 is transmitted from the terminal device 1 to the service server 2. In the service server 2, the proxy information determination unit determines whether or not the user proxy information included in the authentication request matches any of the user proxy information stored in the proxy information storage unit. When the proxy information determination unit determines that the user agent information included in the authentication request matches any one of the user agent information stored in the proxy information storage unit, the state setting unit 215 sets the service server 2 to the authentication function activated state.
Further, the service server 2 may include a request notification unit that, when the service server 2 receives the authentication request, transmits request notification information for notifying the reception of the authentication request to the other terminal device. In this case, when the user clicks the one-time URL to transmit the access request from the terminal device 1 to the service server 2, the request notification unit of the service server 2 transmits the request notification information to, for example, another terminal device held by the manager. When another terminal device performs an operation for responding to the request notification information, the response information is transmitted from the other terminal device to the service server 2. When the service server 2 receives the response information, the state setting unit 215 may set the service server 2 to the authentication function activated state.
In the embodiment, after setting the authentication function activation state, the state setting unit 215 may set the service server 2 to the authentication function deactivation state when an unauthorized access to the service server 2 is detected before the expiration date of the one-time URL is reached.
In the embodiment, there may be a plurality of terminal apparatuses 1, and the service server 2 may further include an access restriction unit that prohibits access to the one-time URL from the other terminal apparatuses 1 when a session is established between one terminal apparatus 1 and the service server 2.
In the embodiment, the case where the login information includes the user identification information and the information indicating the password has been described, but the information included in the login information is not limited to these. The login information may include, for example, a random number sequence (token) capable of specifying the user.
In the embodiment, the description has been made of an example in which the state setting unit 215 switches the state of the service server 2 from the authentication function activation state to the authentication function deactivation state only once before the expiration date of the one-time URL is reached. However, the present invention is not limited thereto, and the state setting unit 215 may switch the state of the service server 2 from the authentication function activation state to the authentication function deactivation state a plurality of times, or may switch the state from the authentication function deactivation state to the authentication function activation state a plurality of times.
In the embodiment, the terminal apparatus 1 may have a function as a service server.
In the embodiment, the example in which the terminal device 1 displays the disposable URL on the display unit 103 has been described, but the present invention is not limited to this, and for example, the terminal device 1 may not display the disposable URL on the display unit 103. In this case, for example, when URL information is received, the terminal apparatus 1 may be configured to cause the display unit 103 to display an icon, and when the icon is clicked, access the service server 2 based on a one-time URL indicated by the URL information.
In the embodiment, in step S13 of fig. 3, an example in which the service server 2 establishes a session with the terminal apparatus 1 is described, but the present invention is not limited thereto. For example, the service server 2 may transmit the token to the terminal device 1 at the timing (timing) of step S13 in fig. 3.
In the client server system of the embodiment, the service server 2 and the authentication server 3 are described as separate devices. However, the present invention is not limited to this, and may be a client server system including a device having both the function of the service server 2 and the function of the authentication server 3.
In the client server system according to the present embodiment, for example, the user can set the service server 2 to the authentication function activation state or the authentication function deactivation state using the terminal device. For example, as shown in fig. 5, the client server system of the present modification includes: a terminal device 1 held by a user who receives data, a service server 2, an authentication server 3, and a terminal device 21 held by a manager of the service server 2. In fig. 5, the same components as those of the embodiment are denoted by the same reference numerals as those of fig. 1. The hardware configuration of the terminal device 21 is the same as that of the terminal device 1 described in the embodiment. The same components as those of the embodiment will be described below with the same reference numerals as those of fig. 1 or 2.
As shown in fig. 6, the CPU101 of the terminal apparatus 21 reads out the RAM from the memory 102 and executes the RAM, thereby functioning as the reception unit 2111 and the request transmission unit 2112. The reception unit 2111 receives an operation to specify the access control disposable URL or an operation to switch the authentication function of the service server 2 from the service server 2. When the reception unit 2111 receives the switching operation, the request transmission unit 2112 transmits a switching request for switching the authentication function of the service server 2 to the service server 2. The authentication request includes information indicating that the authentication function of the service server 2 is activated or deactivated.
The URL generation unit 212 generates a registration-use disposable URL as a first disposable URL and an access control-use disposable URL as a second disposable URL. Here, the login-use disposable URL is a URL used when, for example, login information is transmitted to the terminal device 1 held by the user who receives the data, and the access control-use disposable URL is a URL used when the manager receives switching information from the service server 2 via the terminal device 21. The switching information is, for example, information for causing the display unit 103 of the terminal device 21 to display a switching operation screen for switching the authentication function of the service server 2. The URL generation unit 212 generates, for each of the disposable URLs for login, a disposable URL for access control corresponding to the disposable URL for login at the same time or in the same execution process. Here, only one access control disposable URL may be generated for one login disposable URL, or a plurality of access control disposable URLs may be generated.
The URL transmitting unit 214 generates URL information for registration as first URL information indicating a disposable URL for registration and URL information for access control as second URL information indicating a disposable URL for access control. The URL transmitting unit 214 transmits the URL information for registration to the terminal device 1 based on the identification information of the terminal device 1 of the transmission source notified from the request receiving unit 211. The URL transmitting unit 214 transmits the access control URL information to the terminal device 21 based on the identification information of the terminal device 21 of the transmission source notified from the request receiving unit 211.
The authentication processing unit 216 performs authentication processing for authenticating the terminal device 1 as the transmission source of the data acquisition request, as in the embodiment. The state setting unit 215 sets, in the validity period of the access control disposable URL, either one of the authentication function activation state (first state) and the authentication function deactivation state (second state) based on the switching request received from the terminal device 21. When the access request is received, the authentication processing unit 216 starts the authentication process when the authentication function activation state is set. On the other hand, when the authentication function deactivation state is set, the authentication processing unit 216 avoids execution of the authentication processing.
The function of the expiration date setting unit 213 and the data transmitting unit 217 is the same as in the embodiment.
Next, the operation of the client server system according to the present embodiment will be described with reference to fig. 7 and 8. First, in the service server 2, the URL generation section 212 generates a one-time URL for registration (step S301), and generates a one-time URL for access control (step S302). That is, the URL generation unit 212 generates the registration-use disposable URL and the access control-use disposable URL at the same time or during the same execution process. Next, the expiration date setting unit 213 of the service server 2 sets the expiration date of the disposable URL for login generated by the URL generating unit 212 (step S303).
Next, the access control URL information indicating the access control disposable URL generated by the URL generating unit 212 is transmitted from the service server 2 to the terminal apparatus 1 (step S304), and the registration URL information indicating the access control disposable URL generated by the URL generating unit 212 is transmitted from the service server 2 to the terminal apparatus 21 (step S305). The URL information for registration and the URL information for access control are transmitted from the service server 2 to the terminal device 1 in the form of, for example, a mail including a registration disposable URL and a description of the access control disposable URL generated by the URL generating unit 212. However, at this time, the service server 2 is deactivated for the authentication function, and therefore the terminal device 1 cannot acquire data from the service server 2. The access control disposable URL is transmitted to the terminal device 21 held by the manager (for example, a master authority, a supervisors, guardians, and the like) by mail, for example.
On the other hand, in the terminal device 1, when receiving the URL information for registration, the data acquisition unit 113 causes the display unit 103 to display the disposable URL for registration indicated by the URL information for registration (step S306). Here, when functioning as a browser, the data acquisition unit 113 causes the display unit 103 to display a browser screen including a description of the disposable URL. Further, in the terminal device 21, upon receiving the access control URL information, the request transmitting section 2112 causes the display section 103 to display the access control disposable URL indicated by the access control URL information (step S307).
Next, when the user clicks the access control disposable URL via the input unit 105 in a state where the access control disposable URL displayed on the display unit 103 is selected, the request transmitting unit 2112 of the terminal device 21 receives the access control disposable URL clicking operation (step S308).
Thereafter, an access request requesting access to the access control one-time URL is transmitted from the terminal apparatus 21 to the service server 2 (step S309).
Next, the switching information designated by the access control disposable URL is transmitted from the service server 2 to the terminal device 21 (step S310). The switching information is, for example, information for causing the display unit 103 of the terminal device 21 to display a switching operation screen for switching the authentication function of the service server 2.
Next, when the user performs the switching operation via the input unit 105 in a state in which the switching operation screen is displayed on the display unit 103 of the terminal device 21, the reception unit 2111 of the terminal device 1 receives the switching operation (step S311). Thereafter, a switching request requesting switching of the authentication function of the service server 2 is transmitted from the terminal device 21 to the service server 2 (step S312).
On the other hand, in the service server 2, upon receiving the switching request, the state setting section 215 sets the service server 2 to an authentication function activated state allowing the authentication processing by the authentication processing section 216 (step S313). That is, the manager accesses the access control disposable URL by using the terminal device 21, and sets the service server 2 to the authentication function activated state, so that the terminal device 21 can acquire data from the service server 2. Here, the state setting unit 215 sets the authentication function of the access request to the login disposable URL generated by associating the access control disposable URL with the received switching request to the activated state. For example, "LURL-a" and "LURL-B" are generated as the disposable URLs for login, and "AURL-a" and "AURL-B" are generated as the disposable URLs for access control corresponding to these. In this case, when the switching request corresponds to the access control disposable URL "AURL-a", the state setting unit 215 activates only the authentication function for the access request to the registration disposable URL "LURL-a", and maintains the authentication function for the access request to the registration disposable URL "LURL-B" in a deactivated state
Next, when the user performs an operation of clicking the login disposable URL via the input unit 105 in a state where the login disposable URL displayed on the display unit 103 is selected, the data acquisition unit 113 of the terminal device 1 receives the clicking operation of the login disposable URL (step S314).
Next, an access request requesting access to the login one-time URL is transmitted from the terminal device 1 to the service server 2 (step S315).
Thereafter, the login input information designated by the login disposable URL is transmitted from the service server 2 to the terminal device 1 (step S316). The login input information is, for example, information for causing the display unit 103 of the terminal device 1 to display a login screen. Here, the service server 2 transmits login information designated by the login disposable URL to the terminal device 1 only when receiving an access request to the login disposable URL whose authentication function is activated in step S313. For example, "LURL-a" and "LURL-B" are generated as the disposable URLs for login, and only the authentication function corresponding to the access request to the disposable URL "LURL-a" for login is set to the activated state. In this case, the service server 2 transmits login information to the terminal device 1 when receiving an access request to the login disposable URL "LURL-a", but avoids transmission to the terminal device 1 of the login information when receiving an access request to the login disposable URL "LURL-B".
Next, when the user performs a login operation via the input unit 105 in a state in which the login screen is displayed on the display unit 103 of the terminal device 1, the login reception unit 111 of the terminal device 1 receives the login operation (step S317). Here, the login operation is an operation of inputting user identification information, a password, or the like by a user, for example.
Next, an authentication request requesting authentication of the terminal device 1 from the service server 2 is transmitted from the terminal device 1 to the service server 2 (step S318). At this time, in the service server 2, the authentication processing section 216 extracts login information including user identification information, a password, and the like, which are input by a login operation and included in the received authentication request, and stores the login information in the login DB222.
Thereafter, in the service server 2, the authentication processing unit 216 starts authentication processing (step S319). Next, when it is determined that authentication is successful (step S320), the authentication processing unit 216 of the service server 2 establishes a session between the terminal device 1 and the service server 2 (step S321). Next, data corresponding to the access request is transmitted from the service server 2 to the terminal device 1 (step S322). On the other hand, in the terminal device 1, when receiving data, the data acquisition unit 113 causes the memory to store the received data (step S323).
The request transmitting unit 2112 of the terminal apparatus 21 causes the display unit 103 to display the access control disposable URL indicated by the access control URL information (step S324). At this time, when the user performs an operation of clicking the access control disposable URL via the input unit 105 in a state where the access control disposable URL displayed on the display unit 103 is selected, the reception unit 2111 receives a clicking operation of the access control disposable URL (step S325).
Thereafter, as shown in fig. 8, an access request requesting access to the access control disposable URL is transmitted from the terminal apparatus 21 to the service server 2 (step S326). Next, the switching information designated by the access control disposable URL is transmitted from the service server 2 to the terminal apparatus 21 (step S327).
Next, when the user performs the switching operation via the input unit 105 in a state in which the switching operation screen is displayed on the display unit 103 of the terminal device 21, the reception unit 2111 of the terminal device 1 receives the switching operation (step S328). Thereafter, a switching request requesting switching of the authentication function of the service server 2 is transmitted from the terminal device 21 to the service server 2 (step S329).
On the other hand, in the service server 2, upon receiving the switching request, the state setting section 215 sets the service server 2 to an authentication function deactivation state in which authentication processing by the authentication processing section 216 is prohibited (step S330).
Thereafter, in the terminal device 1, the data acquisition unit 113 causes the display unit 103 to display the disposable URL indicated by the URL information (step S331), and then receives the disposable URL click operation (step S332). In this case, an access request requesting access to the one-time URL is transmitted from the terminal apparatus 1 to the service server 2 (step S333). At this time, the service server 2 is set to the authentication function deactivated state, and thus the authentication processing section 216 avoids execution of the authentication processing.
When the validity periods of the registration-use disposable URL and the access-control disposable URL are reached, the URL generation unit 212 disables the registration-use disposable URL and the access-control disposable URL in the service server 2 (step S334).
Here, for example, in step S321, in a state where a session is established between the service server 2 and the terminal device 1, a handover request is transmitted from the terminal device 21 to the service server 2. In this case, when the service server 2 is forcibly set to the authentication function deactivation state, the session is forcibly invalidated.
As described above, according to the present configuration, when the one-time URL for registration is generated, access control using the same one-time URL for registration can be performed even if the one-time URL for registration is not transmitted again to the terminal apparatus 1.
Further, according to the present configuration, the authentication function of the service server 2 can be switched by the terminal device 21 held by the manager, so that convenience of the manager of the service server 2 is improved. Further, according to the present configuration, user authentication is performed after notifying the registration disposable URL. The authentication function of the service server 2 can be switched to activation or deactivation by accessing the access control disposable URL from the second terminal apparatus.
In the present modification, there may be two URLs, i.e., a URL for activating the authentication function of the service server 2 and a URL for deactivating the authentication function of the service server 2, as access control disposable URLs. Alternatively, the access control disposable URL may be three or more types, or two or more types of access control disposable URLs for activating the authentication function and for deactivating the authentication function may be provided in the service server 2.
Alternatively, the URL generation unit 212 may generate a third one-time URL for switching between the valid state and the invalid state of the one-time URL for access control.
In the modification described above, when the access request is received from the terminal device 21, the state setting unit 215 of the service server 2 may set the service server 2 to the authentication function activation state or the deactivation state in which the authentication process by the authentication processing unit 216 is permitted. That is, the access request transmitted from the terminal device 21 may function as a handover request. In this case, the processing of steps S310 to S312 of fig. 7 and steps S327 to S329 of fig. 8 is omitted, and thus simplification of the processing can be achieved.
The functions of the terminal apparatus 1 and the service server 2 according to the present invention may be realized by a general computer system without depending on a dedicated system. For example, a computer connected to a network may be configured to store a program for executing the above-described operations in a non-transitory recording medium (CD-ROM (Compact Disc Read Only Memory: compact disc read only memory)) readable by a computer system, and to release the program, and to install the program on the computer system, thereby configuring the terminal device 1 and the service server 2 that execute the above-described processing.
Further, a method of providing the program to the computer is arbitrary. For example, a bulletin board (BBS: bulletin Board System, bulletin board system) that uploads a program to a communication line may be used, and the program may be transmitted to a computer via the communication line. The computer starts the program, and executes the program under the control of an OS (Operating System) in the same manner as other application programs. Thus, the computer functions as the terminal device 1 and the service server 2 that execute the above-described processing.
The embodiments and modifications of the present invention (including those described in the preamble and the same applies hereinafter) have been described above, but the present invention is not limited to these. The present invention also includes embodiments in which the embodiments and modifications are appropriately combined and appropriately modified.
Industrial applicability
The invention is applicable to client server systems that perform Single Sign On.
Reference numerals illustrate:
1: terminal device, 2: service server, 3: authentication servers, 101, 201, 301: CPU,102, 202, 302: memory, 103: display unit, 104, 204, 304: communication unit, 105: input unit, 111: login reception unit, 112, 2112: request transmitting unit, 113: data acquisition unit, 202, 302: memory, 211: request receiving unit, 212: URL generation unit, 213: expiration date setting unit, 214: URL transmitting unit, 215: state setting unit, 216: authentication processing unit, 217: data transmission unit, 221: service DB,222: logging DB,311: access right determination unit, 312: permission presence/absence notification unit, 321: repository, 2111: receiving unit, NT: a network.

Claims (1)

1. A client server system includes a first terminal device, a second terminal device, and a server,
the first terminal device includes:
a data acquisition unit that transmits an access request to the server based on the first access information received from the server, thereby acquiring data from the server,
The second terminal device has:
a request transmitting unit that transmits a switching request for switching the state of the server to the server based on the second access information received from the server, thereby switching the state of the server,
the server has:
an access information generation unit that generates the first access information and the second access information;
a valid period setting unit that sets a valid period of the first access information and the second access information;
an access information transmitting unit that transmits the first access information to the first terminal device and transmits the second access information to the second terminal device;
an authentication processing unit that performs an authentication process for authenticating a source of the access request; and
a state setting unit configured to set, when the switching request is received, either one of a first state in which the authentication processing by the authentication processing unit is permitted to be executed and a second state in which the authentication processing by the authentication processing unit is prohibited from being executed,
when the access request is received from the data acquisition unit, the authentication processing unit starts the authentication processing when the first state is set, and the authentication processing unit avoids execution of the authentication processing when the second state is set.
CN201880065759.4A 2017-10-12 2018-10-01 Client server system Active CN111201527B (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
JP2017198703 2017-10-12
JP2017-198703 2017-10-12
JP2018-148913 2018-07-21
JP2018148913A JP6473879B1 (en) 2017-10-12 2018-07-21 Client server system
PCT/JP2018/038234 WO2019074127A1 (en) 2017-10-12 2018-10-01 Client server system

Publications (2)

Publication Number Publication Date
CN111201527A CN111201527A (en) 2020-05-26
CN111201527B true CN111201527B (en) 2023-06-02

Family

ID=65516882

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201880065759.4A Active CN111201527B (en) 2017-10-12 2018-10-01 Client server system

Country Status (5)

Country Link
US (1) US11222100B2 (en)
EP (1) EP3667527A4 (en)
JP (1) JP6473879B1 (en)
CN (1) CN111201527B (en)
WO (1) WO2019074127A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11632361B2 (en) * 2020-10-02 2023-04-18 Citrix Systems, Inc. Combined authentication and connection establishment for a communication channel
CN113162924B (en) * 2021-04-17 2022-10-25 北京长亭未来科技有限公司 Anti-attack method and device for Web communication and storage medium
WO2023239418A1 (en) 2022-06-10 2023-12-14 Playback Health Inc. Multi-party controlled transient user credentialing for interaction with patient health data

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006031522A (en) * 2004-07-20 2006-02-02 Dainippon Printing Co Ltd Content relay distribution server, content relay distribution computer program
JP2012191270A (en) * 2011-03-08 2012-10-04 Kddi Corp Authentication system, terminal apparatus, authentication server and program
JP2013161123A (en) * 2012-02-01 2013-08-19 Mizuho Information & Research Institute Inc Access management system, access management method and access management program
JP2014078173A (en) * 2012-10-11 2014-05-01 Osaka Gas Security Service Kk Authentication processing apparatus
JP2015001974A (en) * 2013-06-18 2015-01-05 キヤノン株式会社 Authentication system, control method therefor, service providing device and computer program
JP2015111329A (en) * 2013-11-06 2015-06-18 株式会社あいびし Network service providing system, network service providing method, and program

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003085084A (en) * 2001-09-12 2003-03-20 Sony Corp Contents delivery system and method, portable terminal, delivery server, and recording medium
EP1315064A1 (en) * 2001-11-21 2003-05-28 Sun Microsystems, Inc. Single authentication for a plurality of services
US20040039916A1 (en) * 2002-05-10 2004-02-26 David Aldis System and method for multi-tiered license management and distribution using networked clearinghouses
US20040019801A1 (en) * 2002-05-17 2004-01-29 Fredrik Lindholm Secure content sharing in digital rights management
KR20030092920A (en) * 2002-05-31 2003-12-06 주식회사 현대시스콤 Method for load controlling of MSC in mobile communication system
JP4913624B2 (en) * 2007-02-21 2012-04-11 株式会社野村総合研究所 Authentication system and authentication method
JP5487374B2 (en) * 2008-06-30 2014-05-07 エヌエイチエヌ エンターテインメント コーポレーション Service providing method and online service system
JP5085605B2 (en) * 2009-05-08 2012-11-28 ヤフー株式会社 Server, method and program for managing logins
JP5669521B2 (en) * 2010-10-29 2015-02-12 オリンパス株式会社 Wireless communication terminal and connection setting method
US9767807B2 (en) * 2011-03-30 2017-09-19 Ack3 Bionetics Pte Limited Digital voice signature of transactions
EP3828742B1 (en) * 2013-05-23 2024-02-14 Passlogy Co., Ltd. User authentication method, system for implementing the same, and information communication terminal used in the same
JP2015103194A (en) * 2013-11-28 2015-06-04 キヤノン株式会社 Mail address control system
JP2015231177A (en) * 2014-06-06 2015-12-21 日本電信電話株式会社 Device authentication method, device authentication system, and device authentication program
US9723090B2 (en) 2014-09-30 2017-08-01 Anthony Tan Digital certification analyzer temporary external secured storage system tools
JP6677496B2 (en) * 2015-12-08 2020-04-08 キヤノン株式会社 Authentication federation system and authentication federation method, authorization server, application server and program
JP6088101B1 (en) * 2016-07-20 2017-03-01 株式会社三菱電機ビジネスシステム Electronic application support server, electronic application support method, and electronic application support program

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006031522A (en) * 2004-07-20 2006-02-02 Dainippon Printing Co Ltd Content relay distribution server, content relay distribution computer program
JP2012191270A (en) * 2011-03-08 2012-10-04 Kddi Corp Authentication system, terminal apparatus, authentication server and program
JP2013161123A (en) * 2012-02-01 2013-08-19 Mizuho Information & Research Institute Inc Access management system, access management method and access management program
JP2014078173A (en) * 2012-10-11 2014-05-01 Osaka Gas Security Service Kk Authentication processing apparatus
JP2015001974A (en) * 2013-06-18 2015-01-05 キヤノン株式会社 Authentication system, control method therefor, service providing device and computer program
JP2015111329A (en) * 2013-11-06 2015-06-18 株式会社あいびし Network service providing system, network service providing method, and program

Also Published As

Publication number Publication date
WO2019074127A1 (en) 2019-04-18
US20200302037A1 (en) 2020-09-24
CN111201527A (en) 2020-05-26
EP3667527A1 (en) 2020-06-17
JP6473879B1 (en) 2019-02-27
US11222100B2 (en) 2022-01-11
JP2019075089A (en) 2019-05-16
EP3667527A4 (en) 2021-04-28

Similar Documents

Publication Publication Date Title
US9485239B2 (en) Implementing single sign-on across a heterogeneous collection of client/server and web-based applications
CN107135073B (en) Interface calling method and device
Li et al. Security issues in OAuth 2.0 SSO implementations
CN101304418B (en) Client side protection method and system against drive-by pharming via referrer checking
US8176538B2 (en) Information processing system, recording medium storing control program, and computer data signal embodied in a carrier wave
US8213583B2 (en) Secure access to restricted resource
CN111201527B (en) Client server system
US7520339B2 (en) Apparatus for achieving integrated management of distributed user information
US20110055912A1 (en) Methods and apparatus for enabling context sharing
JP2005317022A (en) Account creation via mobile device
US20160381001A1 (en) Method and apparatus for identity authentication between systems
CN108810896B (en) Connection authentication method and device of wireless access point
CN103220344A (en) Method and system for using microblog authorization
US11165768B2 (en) Technique for connecting to a service
JP2008197973A (en) User authentication system
CN111628871B (en) Block chain transaction processing method and device, electronic equipment and storage medium
CN112118238B (en) Method, device, system, equipment and storage medium for authenticating login
JP2009003559A (en) Computer system for single sign-on server, and program
KR102055897B1 (en) Authentication Method and System for Service Connection of Internet Site using Phone Number
US8381269B2 (en) System architecture and method for secure web browsing using public computers
CN111182021A (en) File sharing method and device, electronic equipment and computer readable storage medium
US11075922B2 (en) Decentralized method of tracking user login status
CN109729045B (en) Single sign-on method, system, server and storage medium
CN114091077A (en) Authentication method, device, equipment and storage medium
KR102300021B1 (en) Authentication method and telecommunication server using IP address and SMS

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant